RomHack 2018 program

22nd of September 2018

10:45 - 11:30An adversarial approach to improve detection capabilitiesWatch the Video | Download Slides
In this talk we will show an hybrid approach, Red / Blue Team, which allows improving detection and response capabilities using techniques, tactics, and procedures of known attackers; we will analyze how, starting from threat analysis and leveraging on integration and automation of attack and the defense Technologies, we can improve enterprise detection and response capabilities.
Language:

11:30 - 12:15"whoami /priv" - show me your Windows privileges and I will lead you to SYSTEMWatch the Video | Download Slides
On Windows systems, users can be given special privileges. Some of these, if appropriately abused can lead to elevation of privileges to become SYSTEM. In this talk, I will explain what the privileges and tokens are, how to get them, and based on their characteristics, identify some possible paths for privilege escalation.
Particular attention will be devoted to the privileges "SeImpersonate" and "SeAssignPrimary" which, combined with the "Rotten Potato" exploit and our subsequent research, have proved to be "Golden Privilege".
Language:

12:15 - 13:00Windows RID Hijacking: Maintaining Access on Windows MachinesWatch the Video | Download Slides
The new persistence technique RID Hijacking, which affects all Windows versions, takes advantage of some security issues found on the authentication & authorization tasks executed by the Operating System.
It allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes.
To show its effectiveness, the attack will be demonstrated by using a module which was recently added by Rapid7 to their Metasploit Framework, and developed by the security researcher Sebastián Castro.
Language:

14:30 - 15:00Zanshin Tech - Samurai in the digital ageWatch the Video | Download Slides
At the beginning of this talk we will watch a video about a group of teenagers using OSINT to deal with a hypothetical attacker reported to them by another teenager in distress.
The video provides us with the opportunity to introduce Zanshin Tech, which is the first martial art for the information age; the aim of Zanshin Tech is to teach anyone above the age of 11 to defend themselves on the internet by using technologies faster and more effectively than their assailants while at the same time, respecting the values of traditional martial arts.
Language:

15:00 - 15:45Human Users Detection: stop bots with NginxWatch the Video | Download Slides
Every day, websites and web applications receive many scans and attacks from botnets and script kiddies.
During this talk, we'll see how to make scanning, enumeration and exploit activities ineffective just by using Nginx and JavaScript.
We'll see also how "big vendors" uses this technique in order to intercept automatisms on their customers' websites and web applications.
Language: